PDFSign is used to sign PDF documents with an X.509 certificate. In addition to the single signature, larger quantities of documents can also be signed in the stack in a time-saving manner. Since the signing also guarantees that a document has not been changed afterwards, the signing must always be the last step of the document creation. A subsequent change would render the signature invalid.

PDFSign features:

PKI compatibility:PDFSign is completely PKI neutral and works with PKI components from any vendor, including CAs, certificates, CRLs, SmartCards, etc. The access and use of the certificates and associated private keys can be done via SmartCards, USB Token or PFX files. Also, a signature processing is supported via Hardware Security Module (HSM), provided that they have an MS-CAPI or PKCS # 11 interface.

PDF/A or ZUGFERD documents remain valid:PDFSign ensures that the PDF/A or ZUGFeRD compliance is maintained even when applying the (visible) signature.

Billing signatures:The PDF / A and ZUGFeRD PDFSign compatible signatures can be used to digitally sign both individual (interactive) and larger quantities (batch processing) of invoices. An EU Directive states that invoices sent electronically by all Member States are to be accepted if the authenticity (origin) and integrity (unalterability) can be ensured.

PAdES Standard: PDFSign is compatible with PAdES part 2 and PAdES-LTV (long-term validation) standard. The revocation information of the certificates is embedded (PAdES-LTV).

Long-term validation:With PDFSign, a long-term validation document can be signed and stamped with a time stamp. PDFSign supports advanced digital signatures that contain embedded RFC 3161 compliant secure time stamps. Such certificates may also be verified after expiry of the validity and after revocation of the certificate.

CAdES-T (time stamp) Support – CMS Advanced Electronic Signature (CAdES) – CAdES-T (Timestamp), inserts trustworthy time stamps to protect against repelability. Signing and verifying very large CAdES signed files (100 MB and more). A time stamp helps to determine whether a document has not been modified after the signature. Like signatures, timestamps are easier to verify if they are associated with a certificate of a trustworthy time stamp instance.

SHA256, SHA512 Algorithm and RSA2048: PDFSign also supports the SHA256 and the SHA512 hash algorithm (known as SHA2) as well as RSA2048 as well as longer keys.

Encryption of PDF documents

PDF Document confirmation:This electronic confirmation can be used to indicate that the content of the document has been checked and approved.

Signature display configurable: PDFSign offers all possibilities to configure the visual representation of the visibly displayed signature. In addition to a number of parameters, the position as well as the pages – first, last, all – can be defined.

PDFSign – X.509 Certificate Generator:

X.509 certificates form the basis of a public-key infrastructure (PKI). These are electronic legitimations, issued by a certification body (CA) and linked to a key pair consisting of a private and public key.

Digital certificates are typically issued by a trusted and certified institution (CA) that guarantees identity. These are delivered both on secure hardware such as SmartCard’s or USB token or as software certificates. With PDFSign it is also possible to create self-signed certificates. These can be used exactly as official certificates, but they do not have any certification or assurance. Signed documents are technically equivalent could be rejected by third parties but not as trustworthy and reliable.

Functions – Certificate Generator:

Self-signed certificates, root or user certificates can be created and stored either in the Microsoft certificate store or as a PFX file.